You’ve grown and nurtured your business, and you want to protect it. But, in today’s world of the internet and technology, installing an alarm system is no longer enough to secure your company. While the technology renaissance we have gone through has certainly benefited consumers and businesses alike, it’s also brought a new vulnerability with it – the emergence of cybercrime.

Cybercrime…it seems like such a simple word, however its simple identifier fails to portray the true magnitude of its risks. For the most part, cybercrime falls into one of two categories, digital piracy and broader information attacks.

Digital piracy involves the illegal duplication, sale or use of unlicensed software. This could be as basic as installing a program on two computers when you only hold one license, or as complex as a crime ring producing counterfeit versions of the latest Windows operating system. Meanwhile, information attacks involve a broad range of tactics that may involve malware, viruses and other means to glean data, or personal information, from a target.

We all know running a business, especially a small business, is challenging and it’s normal to look for ways to cut costs – especially when it comes to IT. And digital pirates prey upon this behavior. Digital piracy is one area where the old adage, “if it sounds too good to be true, it likely is,” definitely rings true.

You may even ask, “Well, Don, is it really so terrible to download the same software on two computers?” The answer is yes. Utilizing a single software license on two devices means only one device will receive the regular security updates and patches from the manufacturer, opening your network to increased risk from information attacks. And software found online for far below market value is also likely pirated, and may include malware and viruses. In fact, in their study, The Link between Pirated Software and Cybersecurity Breaches, IDC recently found that U.S. businesses are expected to spend $22 billion in 2014 dealing with security issues associated with pirated software.

Meanwhile, information attacks involve a broad range of tactics that may involve malware, viruses and other means to glean data from a target – and are not always associated with pirated software. While piracy often involves a tangible asset, information attacks are much more subvert and hard to identify.

So you say, “Don’t worry Don, I’m a small business, cybercriminals are after the big fish in the water.” Wrong again. Criminals are increasingly targeting SMBs who often do not have the same level of security or are less likely to ensure machines have all the latest updates. And data breaches are expected to cost U.S. businesses another $75.5 billion in 2014, according to IDC. With information attacks increasingly being led by organized crime syndicates and sophisticated operations, their effectiveness and risk to businesses continues to climb. For the U.S., 93 percent of business losses are expected to be the result of criminal organizations.

Both digital piracy and information attacks bring with them their own unique range of IT threats for businesses, and while they may overlap at times, each requires its own security measures. Just because a business purchases only legal genuine software, doesn’t mean they are immune from the risks of information attacks. Meanwhile, that amazing deal you got on productivity software may include hidden malware and bots designed to siphon off customer data and account information without your knowledge.

“Great Don, you have my attention, but what can I do?” The good answer is all businesses, despite their size, can decrease their risk of being the victim of cybercrime – without breaking the bank! With three simple steps, you can secure your IT network and protect your business from today’s cybercriminals.

Download all software updates: The simplest, and perhaps most effective, way to protect yourself is through frequent security updates for all your software. Updates should be downloaded directly from the manufacturer or publisher’s website to avoid spoof sites set up to look like updates. Ensure that you download all recommended updates and keep your anti-virus software active and up-to-date – and consider modern operating systems which have free built-in anti-virus and malware protection, such as Microsoft’s Windows 8.1.

Develop an IT policy: Develop a policy for computer security with guidance for employees on acceptable software downloads and activity, ensuring all employees have a copy and are aware of their role in protecting your IT infrastructure. Monitoring what software your employees are bringing in to your network environment is key to protecting it.

Purchase all your hardware, software and computer services from trusted, reputable sources: Most manufacturers have a way to verify if a business is an authorized vendor for them, and if they’re not, walk away – no matter how good a deal it is.

Bonus Tip: Small businesses without dedicated IT staff can also look into hiring consultants who provide assistance in software management and security practices.

Ultimately, knowledge is power, and a few simple steps can have a tremendous impact on your information security. Technology is an area where if it sounds too good to be true, it likely is – and a little commonsense goes a long way.

Don Morrison, Director of U.S. Anti-Piracy at Microsoft, resides in Portland, Ore.